Kohl’s must give records to identity theft victims

Imagine a thief used your information to buy things at Kohl’s – or used your Kohl’s credit card to go on a shopping spree. You’d want to get the records to prove it and clear up your good name. The law says you’re entitled to do exactly that. That’s what the FTC’s latest settlement with Kohl’s is about.

FTC sued Kohl’s because the company was not giving records to people whose identities were stolen, as required by law. The law says that, if your identity is stolen, you can get records directly from businesses – for free. You don’t need a subpoena and you don’t have to go through law enforcement. Businesses may require you to provide proof of identity (like a driver’s license) and proof of the identity theft (like a police report and affidavit). But they must give you the records within 30 days.

The law makes it easier for people to document identity theft by getting things like receipts and credit applications. According to the FTC, Kohl’s was not following the law. Instead, Kohl’s required record requests to come from law enforcement or an attorney. To make matters worse, sometimes Kohl’s did not turn over complete records and failed to respond within 30 days.

The FTC’s settlement requires Kohl’s to certify that it gave all identity theft-related records to people who have already requested them. Going forward, Kohl’s must give business records to identity theft victims in a timely way. In addition, Kohl’s must put a notice on their website explaining how you can get copies of business records related to identity theft. And Kohl’s must pay $220,000 in penalties.

If someone stole your identity, visit IdentityTheft.gov to report it and get a personal recovery plan that walks you through the steps to take. You’ll also find a sample letter for requesting business records related to identity theft. Want to know more about what businesses has to give you? Read Identity Theft? Show me the records.